Security News > 2022 > April > Fake Windows 10 updates infect you with Magniber ransomware
Fake Windows 10 updates are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month.
While researching the campaign, we discovered a topic in our forums where readers report becoming infected by the Magniber ransomware after installing what is believed to be Windows 10 cumulative or security update.
Other downloads pretend to be Windows 10 cumulative updates, using fake knowledge base articles, as shown below.
While it's not 100% clear how the fake Windows 10 updates are being promoted, the downloads are distributed from fake warez and crack sites.
The ransomware also creates ransom notes named README.html in each folder that contains instructions on how to access the Magniber Tor payment site to pay a ransom.
The Magniber payment site is titled 'My Decryptor' and will allow a victim to decrypt one file for free, contact 'support,' or determine the ransom amount and bitcoin address victims should make a payment.
News URL
Related news
- Bad luck, Windows 10 users. No fix yet for ransomware-exploited bug (source)
- Windows 10 KB5052077 update fixes broken SSH connections (source)
- Windows 10 KB5053606 update fixes broken SSH connections (source)
- New VanHelsing ransomware targets Windows, ARM, ESXi systems (source)
- VanHelsing ransomware emerges to put a stake through your Windows heart (source)
- Windows 10 KB5055518 update fixes random text when printing (source)
- Microsoft: Windows CLFS zero-day exploited by ransomware gang (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- Microsoft: Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’ (source)